package com.haier.npt.sso.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

import com.haier.npt.sso.authentication.CustomPreAuthenticatedAuthenticationProvider;
import com.haier.npt.sso.authentication.PreAuthenticatedProcessingFilter;
import com.haier.npt.sso.authentication.PreAuthenticationUserDetailsService;
import com.haier.npt.sso.oauth.OauthService;
import com.haier.npt.sso.oauth.OauthServiceImpl;


/**
 * @Description:TODO 
 * @author: lixu
 * @date:   2018年7月13日 上午9:40:26   
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter{

	@Autowired
	private AuthenticationManager authenticationManager;
	
	@Override
	protected void configure(HttpSecurity http) throws Exception{
		http.csrf().disable().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
		        //对请求进行认证
		        .authorizeRequests().antMatchers("/**/user/userinfo**").authenticated()
		        .anyRequest().permitAll().and()
		        .addFilterBefore(preAuthenticatedProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
	}
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception{
		auth.authenticationProvider(preAuthenticatedAuthenticationProvider());
		super.configure(auth);
	}
	
	/**
	 * 验证token 的有效性service
	 * @return
	 */
	@Bean
	public OauthService   oauthService(){
		OauthServiceImpl oauthService = new OauthServiceImpl();
		oauthService.setCheckTokenUrl("*******");
		oauthService.setLoginUrl("*******");
		oauthService.setUserInfoUri("http://localhost:8882/internal/demo/jData");
		oauthService.setDeleteTokenUri("********");
		return oauthService ; 
	}
	
	/**
	 * @Description: 预认证过滤
	 * @param: @return      
	 * @return: PreAuthenticatedProcessingFilter      
	 * @throws   
	 */
	@Bean
	public PreAuthenticatedProcessingFilter preAuthenticatedProcessingFilter(){
		PreAuthenticatedProcessingFilter filter = new PreAuthenticatedProcessingFilter() ; 
		filter.setAuthenticationManager(authenticationManager);
		return filter ; 
	}
	
	/**
	 * 预先认证
	 * @return
	 */
	@Bean
	public PreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider() {
		CustomPreAuthenticatedAuthenticationProvider preAuthenticatedAuthenticationProvider = new CustomPreAuthenticatedAuthenticationProvider();
		preAuthenticatedAuthenticationProvider.setPreAuthenticatedUserDetailsService(preAuthenticationUserDetailsService());
		//设置验证token的有效性
		preAuthenticatedAuthenticationProvider.setOauthService(oauthService());
		return preAuthenticatedAuthenticationProvider;
	}
	
	@Bean
	public AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> preAuthenticationUserDetailsService(){
		PreAuthenticationUserDetailsService userDetailsService = new PreAuthenticationUserDetailsService(); 
		return userDetailsService;
	}
}
